Elsewhere at the conference, Microsoft issued a challenge for hackers, offering a $300,000 award for anyone that can successfully hack its public-cloud infrastructure service. And numerous companies shared their latest research regarding cyber threats.

Click through the gallery below for highlights and a recap of the event, owned by Channel Partners’ parent company, Informa.

Communication Is Critical

Jeff Moss, Black Hat founder and director, welcomed attendees and stressed the importance of communication in cybersecurity. Good communication may mean a bigger budget for cybersecurity, while poor communication could get you fired, he said.

Bringing Together Security and Software Developers

Black Hat keynoter Dino Dai Zovi, Square’s mobile security lead, stressed the importance of development teams and security teams working together and sharing the responsibility for security. He also said when it comes to fighting cybercriminals, culture is way more powerful than strategy, which is way more powerful than tactics.

Lessons From the Equifax Breach

Jamil Farshchi, Equifax’s chief information security officer, said organizational structure and decision processes will directly impact whether organizations fall victim to cybercriminals. He also said it’s important to bridge the divide between an organization’s technical and nontechnical aspects. He joined Equifax after it suffered a massive data breach, which resulted in unauthorized access to the personal information of nearly 44% of the U.S. population.

The Ins and Outs of Bug Bounty Programs

Adam Ruddermann, practice director at NCC Group, gave a tutorial on creating and launching bug bounty programs, or vulnerability disclosure programs. The programs don’t have to be “fancy,” just very simple, he said. There are both public and private programs. Public programs remain ongoing, while private programs can be temporary, coinciding with the release of a new product, he said.

Qualys Debuts New Offering

Qualys, the cloud security provider, demonstrated its Global IT Asset Inventory product. It creates a continuous, real-time inventory of known and unknown assets across an organization’s global IT framework. The assets can be from on-premises, endpoints, multicloud, mobile, containers, OT and IoT.

FireEye’s Puzzle Box Challenge

Games and challenges were a big hit in the Black Hat Business Hall. Attendees gathered at the FireEye booth for the puzzle box challenge. FireEye also announced details regarding a prolific Chinese cyberthreat group, the Advanced Persistent Threat group, responsible for targeted operations against organizations in 15 jurisdictions, and across multiple industries including health care, gaming, high-tech and the media.

Cisco Demos Network Security

In the Business Hall, Cisco introduced Cisco Threat Response, a console that automates integrations across Cisco security products and threat intelligence sources.

Microsoft Challenges Hackers

At its booth in the Business Hall, Microsoft invited attendees to “try and compromise the system.” It’s adding a $300,000 award to its Azure bounty program for anyone that can successfully hack its public-cloud infrastructure service.

Webroot’s Threat Investigator

Webroot provided demonstrations of its Threat Investigator, a tool that offers a view of the internet surrounding a particular URL, including potential threat actors. Webroot BrightCloud Threat Intelligence Services are used by companies like Cisco, F5 Networks, Citrix, Aruba and Palo Alto Networks.

Capture the Flag Challenge

WatchGuard Technologies’ Capture the Flag badge challenge was a big draw in the Business Hall. The company recently announced a series of major updates to its ThreatSync threat correlation and response platform, including accelerated breach detection, network process correlation and AI-powered threat analysis.

Illusive Networks

Illusive Networks uses deception technology to reduce the attack surface to preempt attacks, detect unauthorized lateral movement early in the attack cycle, and provide real-time forensics for enhanced response. Michelle Marchand, Illusive’s director of channels, East, said for the most part deception technology is considered “more of a want than a need” right now.

Black Hat Arsenal

Researchers and the open-source community showcased their latest open-source tools and products in the Black Hat Arsenal. The area included live demonstrations and presenters interacted with attendees to provide a hands-on experience.

Empowering Women in Cybersecurity

The Women’s Society of Cyberjutsu (WSC) provided information about its efforts to help women succeed in cybersecurity. The WSC community includes information security professionals, IT professionals, programmers, computer scientists and engineers, as well as women wanting to explore and join the field.

Categories

we are all about Ethical Hacking, Penetration Testing & Computer Security. We share and comment on interesting infosec related news, tools and more. Follow us on RSS ,Facebook or Twitter for the latest updates. DigitalMunition is designed to help Auditors, Pentesters & Security Experts to keep their ethical hacking oriented toolbox up-to-date .
This website is made for educational and ethical testing purposes only。It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this website.